[clamav-users] daily.cvd out of date?

Al Varnell alvarnell at mac.com
Mon Mar 16 12:46:56 EDT 2015


daily.cvd is compressed to save time and bandwidth when you need the entire daily database downloaded.  If you use scripted update (default) then it’s decompressed to become daily.cld and each daily.cdiff is then added to it.  So yes, at any given point in time for the same version number, they are the same thing, but different sizes.

-Al—

On Mon, Mar 16, 2015 at 08:16AM, Gene Heskett wrote:
> 
> On Monday 16 March 2015 09:14:36 Joel Esler (jesler) wrote:
>> David,
>> 
>> I forwarded this on to the ops team for a look.
>> 
> I cannot prove it's the same address Joel, my expiry rules clean up this 
> folder in about 30 days but this looks like a previous such request that 
> has been made before, possibly more than once before.  So please follow 
> up, get a report back and put it on the list so we know it's been done.
> 
> FWIW, I just ran that command, and then stat'd the file, which does not 
> reside anywhere in my install as my /var/lib/clamav only contains .cld's 
> except for main.cvd.
> 
> I got:
> gene@coyote:~$ stat daily.cvd
>  File: `daily.cvd'
>  Size: 33765882  	Blocks: 65952      IO Block: 4096   regular file
> Device: 801h/2049d	Inode: 57696146    Links: 1
> Access: (0644/-rw-r--r--)  Uid: ( 1000/    gene)   Gid: ( 1000/    gene)
> Access: 2015-03-16 10:57:16.000000000 -0400
> Modify: 2015-03-15 16:28:00.000000000 -0400
> Change: 2015-03-16 10:57:16.137624052 -0400
> Birth: -
> 
> Which freshclam is not servicing so I put it in /var/lib/clamav as 
> follows.
> 
> gene@coyote:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd
> gene@coyote:~$ ls -l /var/lib/clamav
> total 180848
> -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
> -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
> -rw-r--r-- 1 root   root   33765882 Mar 16 11:02 daily.cvd
> -rw-r----- 1 clamav clamav    45334 Mar 16 09:37 freshclam.log
> -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
> -rw------- 1 clamav clamav      988 Mar 16 10:31 mirrors.dat
> gene@coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd
> gene@coyote:~$ ls -l /var/lib/clamav
> total 180848
> -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
> -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
> -rw-r--r-- 1 clamav clamav 33765882 Mar 16 11:02 daily.cvd
> -rw-r----- 1 clamav clamav    45334 Mar 16 09:37 freshclam.log
> -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
> -rw------- 1 clamav clamav      988 Mar 16 10:31 mirrors.dat
> gene@coyote:~$ sudo less /var/lib/clamav/freshclam.log
> 
> Is something broken in my freshclam configuration, or is the daily.cld 
> the same thing?
> 
> A curious user here.
> 
>> --
>> Joel Esler
>> Open Source Manager
>> Threat Intelligence Team Lead
>> Talos Group
>> 
>> On Mar 16, 2015, at 8:51 AM, Smith, David <drsmith at fsu.edu> wrote:
>> 
>> Jason,
>> Can you PLEASE pull mirror 150.214.142.197 out of your lists???  Note
>> the modify date on the daily.cvd
>> 
>> [root@rhn cron]# wget http://150.214.142.197/daily.cvd
>> --2015-03-16 08:47:15--  http://150.214.142.197/daily.cvd
>> Connecting to 150.214.142.197:80... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: 27596102 (26M) [text/plain]
>> Saving to: `daily.cvd'
>> 
>> 100%[=================================================================
>> =================================================================>]
>> 27,596,102  2.35M/s   in 13s
>> 
>> 2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved [27596102/27596102]
>> 
>> [root@rhn cron]# stat daily.cvd
>> File: `daily.cvd'
>> Size: 27596102        Blocks: 53976      IO Block: 4096   regular file
>> Device: fd00h/64768d    Inode: 1310864     Links: 1
>> Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
>> Access: 2015-03-16 08:47:29.000000000 -0400
>> Modify: 2014-08-28 13:26:00.000000000 -0400
>> Change: 2015-03-16 08:47:29.000000000 -0400
>> 
>> 
>> WITH the Pragma: No-cache
>> 
>> [root@rhn cron]# wget --header="Pragma: no-cache" http://150.214.142.197/daily.cvd
>> --2015-03-16 08:49:37--  http://150.214.142.197/daily.cvd
>> Connecting to 150.214.142.197:80... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: 27596102 (26M) [text/plain]
>> Saving to: `daily.cvd.1'
>> 
>> 100%[=================================================================
>> =================================================================>]
>> 27,596,102  4.41M/s   in 7.0s
>> 
>> 2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved [27596102/27596102]
>> 
>> [root@rhn cron]# stat daily.cvd.1
>> File: `daily.cvd.1'
>> Size: 27596102        Blocks: 53976      IO Block: 4096   regular file
>> Device: fd00h/64768d    Inode: 1310865     Links: 1
>> Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
>> Access: 2015-03-16 08:49:44.000000000 -0400
>> Modify: 2014-08-28 13:26:00.000000000 -0400
>> Change: 2015-03-16 08:49:44.000000000 -0400
>> 
>> 
>> Thanks!
>> 
>> Dave Smith                       drsmith at fsu.edu          (850)645-8024
>> Linux Administrators             its-unixadmins at fsu.edu   (850)644-2591
>> Information Technology Services  Florida State University
>> 
>> 
>> -----Original Message-----
>> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On Behalf Of Jason Haar
>> Sent: Sunday, March 1, 2015 6:29 PM
>> To: clamav-users at lists.clamav.net
>> Subject: Re: [clamav-users] daily.cvd out of date?
>> 
>> On 27/02/15 08:49, Smith, David wrote:
>> Nope .. not yet!  :)
>> Try
>> 
>> wget --header="Pragma: no-cache" http://database.clamav.net/daily.cvd
>> 
>> I say that because I'm wondering if you have a transparent proxy in
>> between you and the server, so that extra Pragma header should force
>> the proxy to re-download it instead of feeding out of cache. If the
>> file ends up with a newer date, then that confirms there's a proxy in
>> between (and as a side effect should have replaced the stale cached
>> entry - so freshclam will be happy again - at least for a short while)
>> 
>> 
>> --
>> Cheers
>> 
>> Jason Haar
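
Added example, not part of the original thread: the messages above judge freshness by file size and modification time, but a .cvd and a .cld of the same version differ in size, so this sketch compares the version field in the 512-byte database header instead. The function names are hypothetical and the sample files are constructed with made-up header values.

```shell
#!/bin/sh
# Added example (not from the thread): compare ClamAV databases by the version
# in their header rather than by size or mtime.
# Header: first 512 bytes, colon-separated, space-padded:
#   magic:build time:version:sig count:f-level:MD5:signature:builder:stime

db_field() {  # db_field FILE N -> Nth header field
    head -c 512 "$1" | cut -d: -f"$2"
}

db_version() {  # prints the numeric version, fails on anything else
    [ "$(db_field "$1" 1)" = "ClamAV-VDB" ] || return 1
    v=$(db_field "$1" 3)
    case $v in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$v"
}

compare_db() {  # compare_db CANDIDATE INSTALLED -> stale | same | newer | invalid
    cand=$(db_version "$1") || { echo invalid; return 0; }
    inst=$(db_version "$2") || { echo invalid; return 0; }
    if [ "$cand" -lt "$inst" ]; then echo stale
    elif [ "$cand" -eq "$inst" ]; then echo same
    else echo newer
    fi
}

# Constructed sample file: header with made-up values plus BODY_BYTES of filler.
make_sample() {  # make_sample FILE VERSION BODY_BYTES
    {
        printf '%-512s' "ClamAV-VDB:01 Jan 2015 00-00 +0000:$2:1000:63:x:x:example:0"
        head -c "$3" /dev/zero
    } > "$1"
}

demo() {
    d=$(mktemp -d)
    make_sample "$d/mirror.cvd" 100 2000   # old copy served by a stale mirror
    make_sample "$d/daily.cvd"  200 3000   # compressed download
    make_sample "$d/daily.cld"  200 8000   # same version, larger on disk
    echo "mirror vs installed: $(compare_db "$d/mirror.cvd" "$d/daily.cld")"
    echo "cvd vs cld:          $(compare_db "$d/daily.cvd" "$d/daily.cld")"
    rm -rf "$d"
}
demo
```

On a real install, `sigtool --info` on the database file prints the same header fields.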


